Hi Durand, Thanks for your reply.
Is it possible to have it check the student source first, then if it fails go to AD? or something like that? G Suite doesn't normally do 802.1x, but they have an LDAP server you can authenticate against which is what I'm trying to do. Thanks! On Fri, Oct 11, 2019 at 5:45 PM Durand fabrice via PacketFence-users <[email protected]> wrote: > > Hello Jordan, > > the error message is related to ntlm, so it mean that it try to > authenticate the student account on the AD. > > When it fail in freeradius then the radius request doesn't reach the > packetfence code to test the authentication sources with the rules. > > So you need to find a way to authenticate your student with 802.1x and > is it possible to do 802.1x with G suite ? > > Regards > > Fabrice > > > Le 19-10-03 à 16 h 23, Jordan Dare via PacketFence-users a écrit : > > Hi all, > > > > I'm having issues getting a wireless profile to use the secondary LDAP > > source instead of the Active Directory source when authentication > > fails. > > > > What I have is our internal AD server that has all staff accounts, > > etc. And an stunnel proxy to G-Suite LDAP which contains our student > > accounts. > > > > What I want to happen is if authentication fails for the first Active > > Directory source, it then tries the stunnel G Suite LDAP, however it > > seems to hit the AD source, get a "authentication failed", and then > > stop there. > > > > Here's what the "RADIUS" tab on the failed authentication shows: > > Module-Failure-Message = "chrooted_mschap: Program returned code (1) > > and output 'The attempted logon is invalid. This is either due to a > > bad username or authentication information. (0xc000006d)'" > > Module-Failure-Message = "chrooted_mschap: External script says: The > > attempted logon is invalid. This is either due to a bad username or > > authentication information. (0xc000006d)" > > Module-Failure-Message = "chrooted_mschap: MS-CHAP2-Response is incorrect" > > User-Password = "******" > > Module-Failure-Message = "Failed retrieving values required to > > evaluate condition" > > > > Thanks. > > -- > > > > Jordan Dare > > > > Information Technology Specialist > > > > Morgan Hill Unified School District > > > > > > _______________________________________________ > > PacketFence-users mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Jordan Dare Information Technology Specialist Morgan Hill Unified School District 15600 Concord Circle, Morgan Hill, CA 95037 Office: (408)-201-6000 ext 51028 Cell: (408)-891-2420 _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
